<?php
/*
 *      sessions.php
 *      
 *      Copyright 2011 Long Q Tran <tqlong@tqlong-terrell>
 *      
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation; either version 2 of the License, or
 *      (at your option) any later version.
 *      
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *      GNU General Public License for more details.
 *      
 *      You should have received a copy of the GNU General Public License
 *      along with this program; if not, write to the Free Software
 *      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 *      MA 02110-1301, USA.
 *      
 *      
 */


function sess_open($sess_path, $sess_name) {
	return true;
}

function sess_close() {
	return true;
}

function sess_read($sess_id) {
	$result = mysql_query("SELECT data FROM session WHERE sessionID = '$sess_id';");
	if (!mysql_num_rows($result)) {
		$currentTime = time();
		mysql_query("INSERT INTO session (sessionID, dateTouched) VALUES ('$sess_id', $currentTime);");
		return '';
	} else {
		extract(mysql_fetch_array($result), EXTR_PREFIX_ALL, 'sess');
		mysql_query("UPDATE session SET dateTouched = $currentTime WHERE SessionID = '$sess_id';");
		return $sess_data;
	}
}

function sess_write($sess_id, $data) {
	$currentTime = time();
	mysql_query("UPDATE session SET data = '$data', dateTouched = $currentTime WHERE sessionID = '$sess_id';");
	return true;
}

function sess_destroy($sess_id) {
	mysql_query("DELETE FROM session WHERE sessionID = '$sess_id';");
	return true;
}

function sess_gc($sess_maxlifetime) {
	$CurrentTime = time();
	mysql_query("DELETE FROM session WHERE dateTouched + $sess_maxlifetime < $currentTime;");
	return true;
}

session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");
session_start();

$display_login_form = 1;

if (isset($_POST["logout"])) { // logout button pressed
	$username = $_SESSION['username'];
	$_SESSION = array();
	session_destroy();
	echo "User <b>", $username, "</b> logged out.<br />";
}

if (!isset($_POST["username"])) {  // check if login button pressed
	if (isset($_SESSION['username'])) { // logged in, do not display login form
		$display_login_form = 0;
	}
}
else { // process login information
	include("user.php");
	$username = $_POST["username"];
	$password = $_POST["password"];
	
	$user_check = check_username_password($username, $password);
	echo "Check result: ", $user_check, "<br />";
	switch ($user_check) {
		case 0: 
			if (add_user($username, $password)) {
				echo "New user <b>", $username, "</b> added <br />";
				$_SESSION['username'] = $username;
				$display_login_form = 0;
			}
			break;
		case 1: 
			echo "Login ok <br />"; 	
			$_SESSION['username'] = $username;
			$display_login_form = 0;
			break;
		case 2: 
		  echo "Incorrect password <br />"; 
		  break;
		default: 
		  echo "Unknown result !!! <br />";
	}
}

if ($display_login_form) {
?>
<form action="index.php" method="post">
	Username: <input type="text" name="username" /> <br />
	Password: <input type="password" name="password" /> <br />
	<input type="submit" value="Login"/>
</form>
<?php
}
else {
	echo "User <b>", $_SESSION['username'], "</b> logged in.<br />";
?>
<form action="index.php" method="post">
	<input type="hidden" name="logout" value="1"/>
	<input type="submit" value="Logout"/>
</form>
<?php
}

?>
